<?php # Script 9.3 - edit_user.php
// Set the page title before pulling in the shared header markup.
// NOTE(review): presumably includes/header.html reads $page_title - confirm.
$page_title = '사용자 수정';
include 'includes/header.html';
?>
	<div id="wrap">
		<div class="navbar navbar-inverse">
			<div class="navbar-inner">
				<div class="container">
					<a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
						<span class="icon-bar"></span>
						<span class="icon-bar"></span>
						<span class="icon-bar"></span>
					</a>
					<a class="brand" href="index.php">User Manager</a>
					<div class="nav-collapse collapse">
						<ul class="nav">
							<li class=""><a href="index.php">홈</a></li>
							<li class="active"><a href="register.php">사용자 등록</a></li>
							<li class=""><a href="view_users.php">사용자 목록</a></li>
							<li class=""><a href="#">비밀번호 변경</a></li>
							<li class=""><a href="#">link five</a></li>
						</ul>
					</div>
				</div>
			</div>
		</div>
		<div class="container">
			<div class="page-header">
    	<!-- Start of the page-specific content. -->
<?php

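echo '<h1>사용자 수정</h1>';

// Check for a valid user ID, through GET or POST.
//
// is_numeric() is too loose for a database key: it also accepts strings such
// as "1e3", "1.5", "-1" or " 7". The accepted value is later used in SQL and
// echoed into a hidden form field, so validate it as an integer here and keep
// it as a native int for the rest of the script. filter_var() returns false
// for anything that is not an integer, including array input (id[]=...).
$id = false;
if (isset($_GET['id'])) { // From view_users.php
	$id = filter_var($_GET['id'], FILTER_VALIDATE_INT);
}
if ($id === false && isset($_POST['id'])) { // Form submission.
	$id = filter_var($_POST['id'], FILTER_VALIDATE_INT);
}
if ($id === false) { // No valid ID, kill the script.
	echo '<p class="text-error">This page has been accessed in error.</p>';
	include('includes/footer.html');
	exit();
}

require_once('./mysqli_connect.php'); // Connect to the db (provides $dbc).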

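// Check if the form has been submitted:
// NOTE(review): no authorisation check or anti-CSRF token is visible in this
// script, so any requester who can reach it can change any user's record.
// Confirm that an included file enforces a login and add a per-session token.
if (isset($_POST['submitted'])) {

	$errors = array();

	// Required fields and the message shown when one is missing. Values are
	// trimmed before the emptiness test so whitespace-only input is rejected,
	// and non-string input (e.g. first_name[]=x) is treated as missing.
	$required = array(
		'first_name' => 'You forgot to enter your first name.',
		'last_name'  => 'You forgot to enter your last name.',
		'email'      => 'You forgot to enter your email address.',
	);
	$values = array();
	foreach ($required as $field => $message) {
		$value = (isset($_POST[$field]) && is_string($_POST[$field])) ? trim($_POST[$field]) : '';
		if ($value === '') {
			$errors[] = $message;
		} else {
			$values[$field] = $value;
		}
	}

	if (empty($errors)) { // If everything's OK.

		// Values are sent as bound parameters, so no SQL escaping is needed
		// and none of the request data becomes part of the query text.
		$fn = $values['first_name'];
		$ln = $values['last_name'];
		$e = $values['email'];
		$user_id = (int) $id; // Bound as an integer below.

		$system_error = '<p class="text-error">The user could not be edited due to a system error. We apologize for any inconvenience.</p>'; // Public message.

		// Test for unique email address:
		$check = mysqli_prepare($dbc, 'select user_id from users where email=? and user_id != ?');
		if ($check && mysqli_stmt_bind_param($check, 'si', $e, $user_id) && mysqli_stmt_execute($check)) {

			mysqli_stmt_store_result($check);
			$duplicates = mysqli_stmt_num_rows($check);
			mysqli_stmt_close($check);

			if ($duplicates == 0) {

				// Make the query:
				$update = mysqli_prepare($dbc, 'update users set first_name=?, last_name=?, email=? where user_id=? limit 1');
				if ($update && mysqli_stmt_bind_param($update, 'sssi', $fn, $ln, $e, $user_id) && mysqli_stmt_execute($update)) {

					// Zero affected rows means the statement ran but nothing
					// changed (same values resubmitted, or no such user);
					// that is not a system error.
					if (mysqli_stmt_affected_rows($update) == 1) {
						echo '<p>The user has been edited.</p>';
					} else {
						echo '<p>No changes were made.</p>';
					}

				} else { // If it did not run OK.
					// Keep database details in the server log; sending the
					// driver error and query text to the browser discloses
					// schema information to whoever triggered the failure.
					error_log('edit_user.php: update failed: ' . ($update ? mysqli_stmt_error($update) : mysqli_error($dbc)));
					echo $system_error;
				}
				if ($update) {
					mysqli_stmt_close($update);
				}

			} else { // Already registered.
				echo '<p class="text-error">The email address has already been registered.</p>';
			}

		} else { // The uniqueness check itself failed.
			error_log('edit_user.php: email check failed: ' . ($check ? mysqli_stmt_error($check) : mysqli_error($dbc)));
			if ($check) {
				mysqli_stmt_close($check);
			}
			echo $system_error;
		}

	} else { // Report the errors.
		echo '<p class="text-error">The following error(s) occurred:<br/>';
		foreach ($errors as $msg) { // Print each error (fixed strings defined above).
			echo " - $msg<br/>\n";
		}
		echo '</p><p>Please try again.</p>';

	} // End of if (empty($errors)) IF.

} // End of submit conditional.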

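// Always show the form...

// Retrieve the user's information with a bound integer parameter:
$user_id = (int) $id;
$row = null;
$lookup = mysqli_prepare($dbc, 'select first_name, last_name, email from users where user_id=?');
if ($lookup && mysqli_stmt_bind_param($lookup, 'i', $user_id) && mysqli_stmt_execute($lookup)) {
	mysqli_stmt_bind_result($lookup, $first_name, $last_name, $email);
	// mysqli_stmt_fetch() returns true only when a row was fetched
	// (null when there is no row, false on error).
	if (mysqli_stmt_fetch($lookup) === true) {
		$row = array($first_name, $last_name, $email);
	}
} elseif (!$lookup) {
	error_log('edit_user.php: user lookup failed: ' . mysqli_error($dbc));
}
if ($lookup) {
	mysqli_stmt_close($lookup);
}

if ($row !== null) { // Valid user ID, show the form.

	// Stored names and addresses are user-supplied text. Encode them for the
	// HTML attribute context so a value containing quotes or markup cannot
	// break out of value="..." when the record is viewed.
	$safe = array();
	foreach ($row as $value) {
		$safe[] = htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	}

	// Create the form:
	echo '<form action="edit_user.php" method="post">
		<fieldset>
			<div class="control-group">
				<label class="control-label">First Name:</label>
				<div class="controls">
					<input type="text" class="input-xlarge" name="first_name" size="15" maxlength="20" value="'.$safe[0].'">
				</div>
			</div>
			<div class="control-group">
				<label class="control-label">Last Name:</label>
				<div class="controls">
					<input type="text" class="input-xlarge" name="last_name" size="15" maxlength="40" value="'.$safe[1].'">
				</div>
			</div>
			<div class="control-group">
				<label class="control-label">Email Address:</label>
				<div class="controls">
					<input type="text" class="input-xlarge" name="email" size="20" maxlength="80" value="'.$safe[2].'">
				</div>
			</div>
			<div class="form-actions">
	            <button type="submit" class="btn btn-primary btn-large">Submit</button>
	            <input type="hidden" name="submitted" value="TRUE" />
	            <input type="hidden" name="id" value="'.$user_id.'" />
	        </div>
		</fieldset>
	</form>';

} else { // Not a valid user ID.
	echo '<p class="text-error">This page has been accessed in error.</p>';
}

mysqli_close($dbc);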

?>
<?php
// Close the page with the shared footer markup.
include 'includes/footer.html';
?>